DETAILED ACTION

1. A request for continued examination under 37 CFR 1.114, including the fee set
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on
10/02/2007 has been entered. Claims 1-53 are cancelled. Claims 54-75 are pending. 

Response to Arguments 

2. Applicant's arguments with respect to claims 54-75 have been considered but are 
moot in view of the new ground(s) of rejection below. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains.
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 54-55 and 57-59 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Devine et al. (Devine), US Patent No. 6,606,708 and further in view 
of Riggins, US Patent No. 7,287,271.



Application/Control Number: 09/420,208

Art Unit: 2176

5. As to independent claim 54, Devine discloses a method, comprising: 

determining at a local server whether a user is authorized to access a remote 
server (col. 13, line 60 - col. 14, line 5: dispatcher server (local server) authenticates 
the user's access to the desired middle-tier service from mid-range server (remote 
server));

when the user is authorized, identify a privilege level associated with the user, 
the identified privilege level defining how the user is permitted to control an operating 
system running on the remote server (Abstract: providing for an identification of the 
user, and an identification of the user is who he/she claims to be and a determination of 
entitlements that the user may avail themselves of within the enterprise system; the 
entitlements represent specific services the user has subscribed and has privilege to 
access (col. 16, lines 44-54)); 

receiving at the local server one or more commands from the user, the commands for
controlling the operating system (col. 16, lines 60-66: the user is able to select a service 
or a request to run, and the service can be a command and control, read, write and 
modify files (col. 27, lines 2-9)); 

filtering the commands received at the local server according to a verification of 
whether the received commands correspond to the identified privilege level for the user 
(col. 14, lines 6-32: the dispatcher receiving the requests from the user, the request 
then is examined, revealing the user and the target middle-tier service for the request, 
and performing validation, making sure that the user is entitled to communicate with the
desired service); and

sending messages that represent the filtered commands from the local server,
over the packet switch network, and to the remote server when the commands 
correspond to the identified privilege level (col. 14, lines 6-32: managing the 
communication of the specific customer request with the middle-tier server to actually 
get the request serviced). 

However, Devine does not explicitly disclose identify at the local server a 
privilege level associated with the user. 

In the same field of endeavor, Riggins discloses the user must first obtain 
authorization from the global server (local server), and once authenticated, the global 
server 106 provides the user with access to the services, and varying levels of access 
to services will be granted based on varying strengths of identification and 
authentication (col. 4, lines 24-34). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Riggins with Devine to include identify 
at the local server a privilege level associated with the user for the purpose of 
controlling access to services, logging use of keys and logging access of resources. 

6. As to dependent claim 55, Devine discloses logging into the remote server prior 
to sending the messages, said login conducted using an operating system level account 
that is selected independently of the user (col. 16, lines 15-21).

7. As to dependent claim 57, Devine discloses wherein the commands are
generated in response to the user making selections on one or more web pages 
displayed by a client system (col. 16, lines 54-66). 

8. As to dependent claim 58, Devine discloses wherein the messages cause the 
remote server to download files to a client system separate from the remote server (col. 
5, line 62 - col. 6, line 7).

9. As to dependent claim 59, Devine discloses wherein the client system is a same 
client system that originates the commands (col. 5, line 62 - col. 6, line 7). 

10. Claim 56 is rejected under 35 U.S.C. 103(a) as being unpatentable over Devine 
and Riggins as applied to claims 54-55 and 57-59 above, and further in view of Booth, 
US Patent No. 6,345,307. 

11. As to dependent claim 56, Devine and Riggins, however, do not explicitly
disclose wherein the messages are sent using a transfer protocol that operates 
independently of HyperText Transfer Protocol (HTTP) capability on the remote server 
and that operates independently of TELecommunications NETwork (TELNET) capability 
on the remote server. 

Booth discloses a proxy server is a type of gateway that allows a browser using 
HTTP to communicate with a server that does not understand HTTP, but which uses 
FTP; the proxy server accepts HTTP requests from the browser and translates them
into a format that is suitable for the origin server such as an FTP request (col. 1, lines 
34-45), and thus this implies the requests are sent using a transfer protocol FTP that 
operates independently of HyperText Transfer Protocol (HTTP) capability on the remote 
server and that operates independently of TELecommunications NETwork (TELNET) 
capability on the remote server. 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Booth and Devine to include the 
messages are sent using a transfer protocol that operates independently of HyperText 
Transfer Protocol (HTTP) capability on the remote server and that operates 
independently of TELecommunications NETwork (TELNET) capability on the remote 
server for the purpose of enhancing communications between users and servers that do 
not have the same protocols. 

12. Claims 60-61 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Devine and Riggins as applied to claims 54-55 and 57-59 above, and further in view of 
Lomet et al. (Lomet), US Patent No. 6,182,086. 

13. As to dependent claim 60, Devine and Riggins, however, do not explicitly 
disclose the local server creating a session log entry that identifies the commands
represented by the messages, the session log entry containing information allowing a
system administrator to undo transactions performed on the remote server.

Lomet discloses server 54 generates a log record for each of its own write
operation on database objects (col. 10, lines 35-41). Lomet further discloses the server 
can undo a request and re-execute it all over again when the client re-submits the 
request (col. 10, line 59 - col. 11, line 2).

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Lomet with Devine and Riggins to 
include the local server creating a session log entry that identifies the commands 
represented by the messages, the session log entry containing information allowing a 
system administrator to undo transactions performed on the remote server. The 
motivation for creating a log record is to provide undo recovery with incomplete
requests/commands. 

14. As to dependent claim 61, Devine and Riggins disclose wherein the transactions 
alter a file system stored on the server (Devine, col. 27, lines 2-5: determining 
authorization for command and control, read, write, and modify files). 

However, Devine and Riggins do not explicitly disclose the session log entry 
allows the system administrator to rebuild the file system. 

Lomet discloses when restarting after a server failure, the server performs 
analysis pass over log file by rebuilding the active application table (file system) (col. 15, 
line 60 - col. 16, line 12).

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Lomet with Devine and Riggins to 
include the session log entry allows the system administrator to rebuild the file system
for the purpose of recovering a failed server.

15. Claims 62-64, 66, and 69-75 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Devine et al. (Devine), US Patent No. 6,606,708 in view of Riggins, 
US Patent No. 7,287,271, and further in view of Brown et al. (Brown), US Patent No. 
5,941,947.

16. As to independent claims 62 and 72, Devine discloses a system, comprising: 

a content server having configured thereon an Operating System (OS), the OS 
capable of provisioning OS level accounts that define levels of administrative privileges 
for users (col. 13, line 60 - col. 14, line 5: dispatcher server (content server)
authenticates the user's access to the desired middle-tier service from mid-range server 
(remote server); Abstract: providing for an identification of the user, and an identification 
of the user is who he/she claims to be and a determination of entitlements that the user 
may avail themselves of within the enterprise system; the entitlements represent 
specific services the user has subscribed and has privilege to access (col. 16, lines 44-
54)); 

one or more central server to function as a trusted proxy for the content server by 
remotely administering privilege management for the content server (col. 13, line 60 - 
col. 14, line 5: dispatcher server (central server) authenticates the user's access to the
desired middle-tier service from mid-range server (content server)); 

the central servers to receive an access request from one of the remote users, to 
determine whether the remote user is authorized to access the content server, and 
when the remote user is authorized to access the content server, to select a level of 
administrative privileges according to the remote user (col. 13, line 60 - col. 14, line 5: 
dispatcher server (central server) authenticates the user's access to the desired middle- 
tier service from mid-range server (content server); Abstract: providing for an 
identification of the user, and an identification of the user is who he/she claims to be and 
a determination of entitlements that the user may avail themselves of within the 
enterprise system; the entitlements represent specific services the user has subscribed 
and has privilege to access (col. 16, lines 44-54)); and 

the central servers to receive, from an endpoint for the remote user, commands 
for controlling the content server, to filter the received commands according to the 
selected level of administrative privileges, and to forward the filtered commands to the
content server (col. 16, lines 60-66: the user is able to select a service or a request to 
run, and the service can be a command and control, read, write and modify files (col. 
27, lines 2-9); the dispatcher receiving the requests from the user, the request then is 
examined, revealing the user and the target middle-tier service for the request, and 
performing validation, making sure that the user is entitled to communicate with the
desired service (col. 14, lines 6-32); managing the communication of the specific 
customer request with the middle-tier server to actually get the request serviced (col.
14, lines 6-32)).

However, Devine does not explicitly disclose different level accounts that defines 
different levels of administrative privileges for different users. 

In the same field of endeavor, Riggins discloses the user must first obtain
authorization from the global server (local server), and once authenticated, the global 
server 106 provides the user with access to the services, and varying levels of access 
to services will be granted based on varying strengths of identification and 
authentication of users (col. 4, lines 24-34).

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Riggins with Devine to include different 
level accounts that defines different levels of administrative privileges for different users 
for the purpose of controlling access to services, logging use of keys and logging 
access of resources. 

Devine and Riggins, however, do not explicitly disclose the content server having 
established thereon a single OS account for allowing accessing to a plurality of remote 
users, the single OS level account associated a same level of administrative privileges 
for the remote users. 

In the same field of endeavor, Brown discloses access rights data is stored within
the relational database association with multiple user group identifiers, which identify 
user groups (col. 3, lines 12-20). Brown further discloses upon receiving a user-specific 
access rights query, the security server (content server) accesses the group-member
table to identify all user groups of which the specified user is a member (col. 4, lines 40-
65). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Brown with Devine and Riggins to 
include storing access rights data primarily on a per-user-group basis, rather than 
separately storing the access rights of each individual user. The motivation for the use 
of user groups is to reduce the quantity of access rights data that needs to be stored. 

17. As to dependent claim 63, Devine and Riggins disclose the central servers 
impose differing restrictions on the remote users through command filtering (Devine, 
Abstract: providing for an identification of the user, and an identification of the user is 
who he/she claims to be and a determination of entitlements that the user may avail 
themselves of within the enterprise system; the entitlements represent specific services 
the user has subscribed and has privilege to access (col. 16, lines 44-54)). 

However, Devine and Riggins do not explicitly disclose wherein the single OS 
level account is a generic account that does not restrict administrative privileges. 

In the specification, Applicant describes "this generic entry is assigned to multiple 
users" (see page 13, lines 20-23). In the same field of endeavor, Brown discloses 
access rights data is stored within the relational database association with multiple user 
group identifiers, which identify user groups (col. 3, lines 12-20). Brown further 
discloses upon receiving a user-specific access rights query, the security server 
accesses the group-member table to identify all user groups of which the specified user
is a member (col. 4, lines 40-65). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Brown with Devine and Riggins to 
include storing access rights data primarily on a per-user-group basis, rather than 
separately storing the access rights of each individual user. The motivation for the use 
of user groups is to reduce the quantity of access rights data that needs to be stored. 

18. As to dependent claim 64, Devine and Riggins, however, do not explicitly 
disclose wherein the central servers are logged onto the content server under the single 
OS level account when forwarding the filtered commands for the different users.

Brown discloses a request is generated on the client and sent to the gateway 
(central server) that is handling the logon session, the gateway then selects a single 
application server (content server) to handle the service session, and throughout the 
service session, the gateway routes messages between the client and the application 
server as the client and server portions of the service application communicate (col. 9, 
lines 12-32). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Brown with Devine and Riggins to 
include the central servers are logged onto the content server under the single OS level 
account when forwarding the filtered commands for the different users. The motivation
for the use of user groups is to reduce the quantity of access rights data that needs to
be stored. 

19. As to dependent claim 66, Devine discloses the central server send a notification 
to the remote user when one of the commands is filtered, the notification indicating that 
the remote user does not have a requisite level of administrative privileges to control the 
content server using the filtered command (col. 17, lines 5-22).

20. As to dependent claim 69, Devine discloses wherein the received commands are 
for creating files and directories, editing files and directories, or removing files and 
directories (col. 27, lines 1-5). 

21. As to dependent claim 70, Devine discloses wherein a file structure on the 
content server is manipulated according to the forwarded commands (col. 27, lines 1-5).

22. As to dependent claim 71, Devine discloses wherein the operating system is an 
embedded operation system (col. 5, line 62 - col. 6, line 7). 

23. As to dependent claim 73, Devine discloses wherein the apparatus offloads, from 
the server, managing which of the different users are able to control which functionality 
of the OS (col. 14, lines 6-37).

24. As to dependent claims 74-75, Devine and Riggins do not explicitly disclose
wherein the apparatus allows the different users to control the OS independently of 
whether a password for logging into the OS is provided to the users, and wherein the 
apparatus allows the server to maintain only a single OS level account and password 
regardless of the number of remote users. 

In the same field of endeavor, Brown discloses access rights data is stored within 
the relational database association with multiple user group identifiers, which identify 
user groups (col. 3, lines 12-20). Brown further discloses upon receiving a user-specific 
access rights query, the security server (content server) accesses the group-member 
table to identify all user groups of which the specified user is a member (col. 4, lines 40- 
65). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Brown with Devine and Riggins to 
include storing access rights data primarily on a per-user-group basis, rather than 
separately storing the access rights of each individual user. The motivation for the use 
of user groups is to reduce the quantity of access rights data that needs to be stored. 

25. Claim 65 is rejected under 35 U.S.C. 103(a) as being unpatentable over Devine 
et al. (Devine), US Patent No. 6,606,708 in view of Riggins, US Patent No. 7,287,271, 
and further in view of Brown et al. (Brown), US Patent No. 5,941,947 as discussed in 
claims 62-64, 66, and 69-75 above, and further in view of Booth, US Patent No. 
6,345,307.

26. As to dependent claim 65, Devine, Riggins and Brown, however, do not disclose
wherein the commands are generated by the remote user interacting with a web 
browser and are formatted as HyperText Transfer Protocol (HTTP) requests, and the 
server forwards the commands using a File Transfer Protocol (FTP) format.

Booth discloses a proxy server is a type of gateway that allows a browser using 
HTTP to communicate with a server that does not understand HTTP, but which uses 
FTP; the proxy server accepts HTTP requests from the browser and translates them 
into a format that is suitable for the origin server such as an FTP request (col. 1, lines 
34-45), and thus this implies the requests are sent using a transfer protocol FTP that 
operates independently of HyperText Transfer Protocol (HTTP) capability on the remote 
server and that operates independently of TELecommunications NETwork (TELNET) 
capability on the remote server. 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Booth with Devine, Riggins and Brown 
to include the messages are sent using a transfer protocol that operates independently 
of HyperText Transfer Protocol (HTTP) capability on the remote server and that 
operates independently of TELecommunications NETwork (TELNET) capability on the 
remote server for the purpose of enhancing communications between users and servers 
that do not have the same protocols.

27. Claims 67-68 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Devine et al. (Devine), US Patent No. 6,606,708 in view of Riggins, US Patent No.
7,287,271, and further in view of Brown et al. (Brown), US Patent No. 5,941,947 as
discussed in claims 62-64, 66, and 69-75 above, and further in view of Lomet et al. 
(Lomet), US Patent No. 6,182,086. 

28. As to dependent claim 67, Devine, Riggins and Brown, however, do not disclose 
wherein the content server performs transactions according to the forwarded commands
and the system further comprises: 

the central server to create one or more session log entries that identify the 
forwarded commands, the session log entries containing information allowing a system 
administrator to undo the transactions. 

Lomet discloses server 54 generates a log record for each of its own write 
operation on database objects (col. 10, lines 35-41). Lomet further discloses the server 
can undo a request and re-execute it all over again when the client re-submits the 
request (col. 10, line 59 - col. 11, line 2). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Lomet with Devine, Riggins and Brown 
to include the local server creating a session log entry that identifies the commands 
represented by the messages, the session log entry containing information allowing a 
system administrator to undo transactions performed on the remote server. The 
motivation for creating a log record is to provide undo recovery with incomplete
requests/commands. 

29. As to dependent claim 68, Devine, Riggins and Brown disclose wherein the 
transactions alter a file system stored on the server (Devine, col. 27, lines 2-5: 
determining authorization for command and control, read, write, and modify files). 

However, Devine, Riggins and Brown do not explicitly disclose the session log 
entry allows the system administrator to rebuild the file system. 

Lomet discloses when restarting after a server failure, the server performs 
analysis pass over log file by rebuilding the active application table (file system) (col. 15, 
line 60 - col. 16, line 12).

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Lomet with Devine, Riggins and Brown 
to include the session log entry allows the system administrator to rebuild the file 
system for the purpose of recovering a failed server.

Conclusion

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Chau Nguyen whose telephone number is (571) 272- 
4092. The Examiner can normally be reached on Monday-Friday from 8:30 am to 5:30 
pm. 

If attempts to reach the Examiner by telephone are unsuccessful, the Examiner's 
supervisor, Doug Hutton, can be reached at (571) 272-4137. 

The fax phone number for the organization where this application or proceeding is 
assigned is 703-872-9306. On July 15, 2005, the Central Facsimile (FAX) Number will 
change from 703-872-9306 to 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published
applications may be obtained from either Private PAIR or Public PAIR. Status
information for unpublished applications is available through Private PAIR only. For
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you
have questions on access to the Private PAIR system, contact the Electronic Business
Center (EBC) at 866-217-9197 (toll-free).

Chau Nguyen 
Patent Examiner 
Art Unit 2176

/Doug Hutton/
Doug Hutton 
Supervisory Primary Examiner 
Technology Center 2100 



